All,
I had forgotten about the text in section 1.3.4 -- I agree that would
disallow the placment in a receipt request in a counter signature.
I also agree that I don't have a reason for doing receipt requests in
counter signatures, but I have also learned never to underestimate the
things needed by somebody in the market that I have never heard of and will
hopefully never hear from. Given that the question was being asked I made
the assumption that Tom had some type of requirement that might require this
type of behavior.
jim
-----Original Message-----
From: jsp(_at_)jgvandyke(_dot_)com [mailto:jsp(_at_)jgvandyke(_dot_)com]
Sent: Wednesday, May 12, 1999 8:56 AM
To: Jim Schaad (Exchange); ietf-smime(_at_)imc(_dot_)org
Cc: jsp(_at_)ajsn101(_dot_)jgvandyke(_dot_)com
Subject: Re: Receipt Request Attribute
All,
I respectfully disagree with Jim's reply to Tom's message.
First, ESS Section 1.3.4, Placement of Attributes, states: "The only
attributes that are allowed in a counterSignature attribute are
counterSignature, messageDigest, signingTime, and
signingCertificates." This means that receiptRequest attributes are
not allowed to be carried in a counterSignature attribute.
Second, IMHO, it does not make sense to request a signedReceipt for
a counterSignature. A signedReceipt is intended to prove that a
recipient received and was able to verify the signature of the
message sent by the signer. What would a signedReceipt prove
for a counterSignature since the thing that is signed is not
a message, it is the originator's signature of the original message???
I do not believe that we should change ESS to allow receiptRequests
to be included in counterSignature attributes.
- John Pawling
Tom,
My opinion on this would be:
1. A CounterSignature can contain a receipt request.
2. The receipt request on the original SignedData and the receipt receipt
on the CounterSignature can be different. The requirement is that all
receipt requests in a SignerInfo sequence be the same and a CounterSigner
has a different SignerInfo sequence
jim
-----Original Message-----
From: Tom Kung [mailto:Tom(_dot_)Kung(_at_)entrust(_dot_)com]
Sent: Monday, May 10, 1999 11:48 AM
To: 'ietf-smime(_at_)imc(_dot_)org'
Subject: Receipt Request Attribute
Gooday,
I would appreciate clarification on the following with respect to the
Receipt Request attribute:
1. May a CounterSignature contain a receipt request?
2. If so, MUST all receipt requests in a SignedData be identical? The
spec specifies that all Receipt Requests be identical. Is it the intent
that CounterSignatures containing a receipt request MUST also be identical
with other receipt requests if it exists? I don't see why each
countersignature can not have a different receipt request.
thanx,tom.